Reversing 8.1.0 changes...

[dragonbane24]

I'm working on updating the system to 8.1.0 (28724)

Working with the Object Manager, I've noted a few changes. Still sorting through it, but figured I'd share what I'm working with to see what others have come up with...

Currently.... (using PTR dumps for debugging)

Code:

            CurMgrPointer = 0x261D760,  
            NextObject = 0x30, // seems okay - was 0x70, 
            FirstObject = 0x18,  // seems correct
            LocalGUID = 0x220, // was 0x208, 

            ObjectTypeOffset = 0x10, // was 0x20, I can see this has moved.
            ObjectStorageOffset = 0x?? / was 0x10.

Either the object storage has significantly changed or they have moved its mapping pointer a decent amount.
I was going to post my debugging steps, but then realized the GUID may give away too much info.

But they appear to have moved some things around in the overall Object Manager. And the data reference for the object used to be the first pointer inside the object.
But now this is the object type and the data may either be embedded or referenced elsewhere.

Anyone solved this one yet? I'm only an hour or so into it, so not done yet, but figured I'd ask.

Thanks,
Dragonbane

[counted]

have not looked at it yet, the patch is dropping today so guess that will be the next couple days work for me.

[Kovrizha]

[8.1.0.28724]
CameraStruct=26A4CD8
CharacterSelection=222BF80
ChatBuffer=?
ChatPosition=?
IsTexting=25A53CC-0x8
LoadingScreen=25162A0
MouseGuid=26A3468
ObjectList=260B750
ObjectFirst=0x18
ObjectNext=0x30
PlayerGuid=257FC30
ZoneId=26A4290

[dragonbane24]

Code:

ObjectList=260B750

That offset shows as a lot of 0x00 on my PTR build. Not sure if that was from the same build or not. (28724)

Digging a bit further, I'm finding the unit properties (descriptors) at a fairly consistent offset from the base address of the object.
For instance the 'UnitField.Target" is now 0x1550 from the base address.
Nearby I can find the 'UnitField.Critter' and 'UnitField.Level'.
But it isn't a one-to-one from before. Looks like several may have been moved / removed.

Maybe I'm misreading something, but I believe they have done away with the Object Storage pointer (and associated structure) and merged it into the Object directly.

Anyone else seeing this or able to read objects the previous way?

-Dragonbane

[lolp1]

The object storage likely changed from traditional descriptors as people have known them. I suspect it is some form of entity component system and one thats intent on being more difficult for 3rd party's to consume. Almost seems like it is stored in something like this, but wild guess.

Code:

Hashtable  table  = new Hashtable();
tableAdd(encrypt!"blah0", SomeElement*);
table.Add(encrypt!"blah2", SomeElement*);
table.Add(encrypt!"playerStats", StatComponents*);
int hp  = table[encrypt!"playerStats"]->.get<int>(encrypt!"health");

[dragonbane24]

The object storage likely changed from traditional descriptors as people have known them. I suspect it is some form of entity component system and one thats intent on being more difficult for 3rd party's to consume. Almost seems like it is stored in something like this, but wild guess.

That would have been extremely painful. And that would mean they would be hashing every time they want to access an element. Not efficient for as many objects ad they deal with.
But the hash would end up being the same offset consistently anyway (unless they had some random key encrypt... please don't give them ideas).

Fortunately it's not as bad as it seems. Here's what I have so far. (Had to take some time to do my day job.)
Been mainly using WinDbg, so I'm going a bit cross-eyed staring at the structures.

This is all *very* preliminary and subject to change when they patch again tomorrow. (They always rapid-fire the patches the first weeks of major content.)

And I was able to validate some of your info Kovrizha. +rep for your info thus far.

Code:

        public enum Globals
        {
            PlayerName = 0x2518F18, // -0x47BA90
            Version = 28724,           
        }

        internal enum ObjectManager
        {
            CurMgrPointer = 0x260B750, // +0xECB88 
            NextObject = 0x30, //0x70, 
            FirstObject = 0x18, 
            LocalGUID = 0x220, //0x208, 

            ObjectTypeOffset = 0x10, //0x20,
            //ObjectStorageOffset = 0x10,  GONE!
        }

        internal enum Globals
        {
            RedMessage = 0x26A36D0, // -0x1D2130
            BlueMessage = RedMessage,

            CursorType = 0x2749370, // -0x204820
       }

        public enum ActionBar
        {
            ActionBarFirstSlot = 0x26C59B0, // -0x203D90
            ActionBarBonus = ActionBarFirstSlot + 0x240,
        }

        public enum CgWorldFrameGetActiveCamera 
        {
            CameraX = 0x10,                      
            CameraY = 0x14,                  
            CameraZ = 0x18,                 
            CameraMatrix = 0x1C,
            CameraPointer = 0x26A4CD8,  // -0x205D68
            CameraOffset = 0x3330,      // 0x00      
        }

        internal enum KeyBinding
        {
            //New key handler as of 8.1
            NumKeyBindings = 0x26C6E20,
            First = 0x28,                   
            Next = 0x18,                    
            Key = 0x30,                     
            Command = 0x58,                 
        }

        internal enum MacroManager
        {
            MacroCount = 0x244E0E0, // Not verified yet.
            MacroTable = MacroCount + 0x10,
            MacroIdOffset = 0x30,
            SpecificMacroIdOffset = 0x38,
            MacroNameOffset = 0x44,
            MacroListCount = 0x80, //0x80
        }

        internal enum Reaction 
        {
            FactionDBCStruct = 0x2541EA8, 
        }

        internal enum UnitName : uint
        {
            ObjectName1 = 0x148, //0x478,                       
            ObjectName2 = 0xE0,                 
            PlayerNameGUIDOffset = 0x020,       
            PlayerNameStringOffset = 0x031,
            PlayerNameCachePointer = 0x220D158, 
            UnitName1 = 0x308, // 0x1740
            UnitName2 = 0xE0, // 0x00                  
        }

        internal enum WowObject 
        {
            X = 0x150, //0x1588,                    
            Y = X + 0x4,                                
            Z = X + 0x8,                                
            RotationOffset = X + 0x10,
            GameObjectX = 0x180, //0x1B0,        
            GameObjectY = GameObjectX + 0x4,            
            GameObjectZ = GameObjectX + 0x8,            
            GameObjectRotation = GameObjectX + 0x10,    
        }

        internal enum Zone : uint
        {
            ZoneText = 0x26A3640,
            ZoneID = 0x26A4290, 
        }

[dragonbane24]

And here are the preliminary fields for objects / units.
Note that these are all offset from the object Base Address.
No longer is there a storage pointer and separate structure.
At least not that I've found.

Completely preliminary.
I'll work on verifying it after some sleep.

Maybe someone has some magic to determine all the offset as has been done previously.

Code:

        public enum eObjectFields
        {
            Guid = 0x80, 
       }

        public enum eUnitFields
        {
            Summon = 0x14E0,
            Critter = 0x14F0,   //Confirmed
            Target = 0x1550,    //Confirmed
            CharmedBy = 0x1510,
            SummonedBy = 0x1520,
            CreatedBy = 0x1530,
            DemonCreator = 0x1540,
            Sex = 0x1584,               //Confirmed
            DisplayPower = 0x1588,      //Confirmed
            Health = 0x1590,            //Confirmed
            MaxHealth = 0x1598,         //Confirmed
            Level = 0x15A0,             //Confirmed
            FactionTemplate = 0x15C4, 
            Flags = 0x15C8,             //Confirmed
            Flags2 = 0x15CC,            
            BoundingRadius = 0x15E0,
            CombatReach = 0x15E4,
            DisplayID = 0x15E8,
            MountDisplayID = 0x15F0,    //Confirmed
       }

        public enum ePlayerFields
        {
            CurrentSpecID = 0x1ADC,         //Confirmed
            VisibleItems = 0x3434,          //Confirmed
            Coinage = 0x3540,               //Confirmed
            XP = 0x3544,
            NextLevelXP = 0x3548,
            InvSlots = 0x4748,
            ProfessionSkillLine = 0x5AC4, //Confirmed
       }

[Kovrizha]

Here is what I've found additionally:

ItemDurability=0x204
ItemMaxDurability=0x208
ItemContainedIn=0x1C0
ItemStackCount=0x1F0
ContainerSlots=0x3A0
ContainerNumSlots=0x398
UnitVehicleGuid=0x140
UnitTransportGuid=0x14C
UnitShapeshiftForm=0x1647
UnitStandState=0x14E7

[counted]

Unit Flags = 0x15c8
Unit Flags2 = 0x15cc

Player Flags = 0x1aa8

[gdfsxwy]

UnitHealth = 0x1300
UnitPower = UnitHealth + 0x8
UnitHealthMax = 0x1518
UnitPowerMax = UnitHealthMax + 0xC
UnitLevel = 0x1520

TARGET = 0x14D0
SUMMONED_BY = 0x150
CREATED_BY = 0x160？
BoundingRadius = 0x155C
CombatReach = BoundingRadius +4

NextEntity = 0x70
EntityType = 0x10
Descriptors = 0x168

X= 0x150
Y = X + 0x4
Z = Y + 0x4
S = Z + 0x4
R = X + 0x10

[evil2]

Player unit misc:
Base + 0x0
public const uint Unit_PosX = 0x150;
public const uint Unit_AutoAttackGuid = 0x400;
public const uint Unit_Cast_Struct = 0x4C8;
public const uint Aura_Count2 = 0x630;
public const uint Aura_Count1 = Aura_Count2 + 0xA80;
public const uint Unit_SpecId = 0x1ADC;

Unit fields:
Base + 0x1380 (temporary offset)
i think [ Base + 0x120 = 0x1260] could be the real offset, but too lazy to check...

[FieldOffset 0x000 ] public uint Health;
[FieldOffset 0x008 ] public int Power1;
[FieldOffset 0x00c ] public int Power2;
[FieldOffset 0x010 ] public int Power3;
[FieldOffset 0x1a0 ] public WowGuid CreatedBy;
[FieldOffset 0x1d0 ] public WowGuid Target;
[FieldOffset 0x204 ] public byte Race;
[FieldOffset 0x205 ] public byte Class;
[FieldOffset 0x218 ] public uint MaxHealth;
[FieldOffset 0x220 ] public int Level;
[FieldOffset 0x248 ] public uint Flags;
[FieldOffset 0x264 ] public float CombatReach;
[FieldOffset 0x270 ] public int MountDisplayID;
[FieldOffset 0x410 ] public int MaxPower1;
[FieldOffset 0x414 ] public int MaxPower2;
[FieldOffset 0x418 ] public int MaxPower3;


all values not fully tested!
anyone has the base offset for the Object_Transform_Matrix (old was 0x480) ?

[vegoo]

Code:

# ##OFFSETS##

playerNameoffset = 0x2518F18
objManageroffset = 0x260B750
MouseOverGUIDOffset = 0x26A3468
MyTargetGUIDOffset = 0x2443810

# OBJECT MANAGER OFFSETS

playerGUIDOffset = 0x220
firstObject = 0x18
NextObject = 0x30

# object type is byte
ObjectType = 0x10

ObjectGUID = 0x48
TargetObjectXOffset = 0x155C
NPCItemIDOffset = 0xD8
UnitXOffset = 0x150
currentHPOffset = 0x1380
currentManaOffset = 0x1388

# race is byte
raceOffset = 0x15C4

# byte, 0 when not flying, other when flying
# taken from UnitOnTaxi, 2nd if statement with + 0x18 addition (first row)
IsOnFlightOffset = 0x15F0

# Object Types for BoA:
# 1 - item
# 5 - npc, no idea if it includes monsters
# 6 - other players
# 7 - localplayer

# 8 byte from stopcinematic function, first if statement
IsInCinematicOffset = 0x26A3350

#byte from isPlayerInWorld function
IsInGameOffset = 0x26A3460

GameVersionOffset = 0x1DE9428
StopCinematicOffset = 0xF58190

# ida aredangerousscriptsallowed
AllowCustomScriptsOffset = 0x26A32F0

LuaState = 0x251BA68